OK, I ran the RKR and HJT, they both appear clean to me:
rootkit log:
HKLM\SECURITY\Policy\Secrets\SAC*:
Description: Key name contains embedded nulls (*)
Date: 10/26/2005 10:40 AM
Size: 0 bytes
HKLM\SECURITY\Policy\Secrets\SAI*:
Description: Key name contains embedded...
That's my next step.
Already ran ewido, did not detect watchdll.dll (as a slave), but it was in a temp folder so I will manually clean those, then boot the system and run the revealer.
Thanks.
Thanks! Will report back soon...have a conference call now :-(
Also note, I currently have the infected drive as a slave on a clean system. Will the rootkit detector still work (I should think so)?
Hello-
I have encountered a computer with various trojans and a keylogger component (watchdll.dll, reportedly part of cybervizion) -- and no scanners I have yet found have detected it or its other components.
What do you recommend as a:
1) good keylogger detection utility (when scanning drive...
Is there a default email program listed in Internet Options (under the Programs tab)?
Maybe try running the fixmapi utility.
http://support.microsoft.com/kb/228457
I have the same setup at home, will check my config and report back tomorrow if I find anything of relevance; otherwise, you should try to force Vista to do an upgrade install, which would (should) retain most settings.
You can also change the LPT port settings on the PC, in the BIOS (setup screen - usually F2, DEL, etc. before booting), from ECP to standard or bi-directional.
Consider installing a keystroke logger. At least you would know what any intruders had typed. Might provide a clue.
Might also be worth setting up a hidden videocam/webcam if you are still concerned about another intrusion.